ModSecurity

The module adds a connector for using rules from ModSecurity.

Loading the Module

To work with the module, you need to load it in the context of main{}:

load_module modules/ngx_http_modsecurity_module.so;

Configuration Example

Specify the directives modsecurity and modsecurity_rules_file in the appropriate context, for example server:

/etc/angie/http.d/default.conf

server {
    modsecurity on;
    modsecurity_rules_file /etc/angie/modsecurity/rules.conf;
    # ...
}

Copy the OWASP Core Rule Set for ModSecurity (CRS) to the directory /var/lib/angie/modsecurity/:

$ cd /var/lib/angie/modsecurity/
$ sudo git clone -b v4.1.0 https://github.com/coreruleset/coreruleset

Tip

Check the latest release number here: coreruleset/coreruleset

In the directory with the core rules, copy the minimally required ModSecurity configuration examples:

$ sudo cp coreruleset/crs-setup.conf.example coreruleset/crs-setup.conf
$ sudo cp coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example \
      coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
$ sudo cp coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example \
      coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf

Uncomment the following Include directives in the file /etc/angie/modsecurity/rules.conf:

Include /var/lib/angie/modsecurity/coreruleset/crs-setup.conf
Include /var/lib/angie/modsecurity/coreruleset/rules/*.conf

Additional Information

Detailed documentation and source code are available at: owasp-modsecurity/ModSecurity.